Hackers breached a US nuclear power plant's network, and it could be a 'big danger'

A US nuclear facility was breached in a cyberattack,
outlets reported on Wednesday.

The attack was contained to the business-associated
side of the plant, and evidence indicates that critical
infrastructure was not affected.

But cybersecurity experts say that now that the network
has been infiltrated, the nuclear systems have become
"much more vulnerable."

Unidentified hackers recently breached at least one US nuclear
power plant, and the situation is being investigated by federal
officials, sources familiar with the matter told ABC News on
Wednesday.

The name and location of the plant have not been released, but
cyberattacks have affected "multiple nuclear power generation
sites this year," according to E&E News, which was the
first to report the story.

It is not yet clear who launched the attack and whether it
is connected to a global cyberattack that crippled several countries and corporations
beginning on Tuesday.

The breach was contained to the business-associated side of the
plant, officials said. So far, little information has come out
about the origins of the hack, code-named "Nuclear 17," but
evidence indicates that the attack was not serious enough to
prompt alerts from the public safety systems at the Nuclear
Regulatory Commission or the International Atomic Energy Agency,
E&E reported. The information available thus far indicates
that nuclear safety is not immediately at direct risk.

But cybersecurity experts say that now that hackers have
infiltrated the system, nuclear safety could be at risk down the
road.

"If a nuclear power facility is attacked on the business side,
that might actually serve as a way of information-gathering" for
hackers, Paulo Shakarian, founder of the cybersecurity firm
CYR3CON, told Business Insider. In some
cases, hackers will try to "see if, by reaching that system, they
can get more insight into what the facility is using on the
operational side," Shakarian said.

"This could be a big danger," he added. "And it could lead to
another attack that could be more serious."

Though nuclear power providers have rigorous practices in place
to divide business and nuclear operations in their networks,
experts say an attack on one could inform an attack on the other.

A breach to the business-associated end of a nuclear power plant
"is very severe and very scary," said Greg Martin, the CEO of
cybersecurity firm JASK. He said that while it was
"wonderful" that network segmentation prevented hackers from
being able to attack critical infrastructure directly, "the
business side has tons of information about the more vulnerable
infrastructure side of these types of plants."

That information can include emails; communications
involving design plans; information about security
assessments; emails or documents that contain passwords; and
more. Martin echoed Shakarian's assessment and added that some
information that can be gleaned from a breach like this can open
up a window that "can be used to set up for future, more damaging
attacks just based on the proprietary information they're able to
steal."

In the past, when business networks have been hacked,
attackers have been able to use the information they
obtained to create targeted spear-phishing campaigns that
impersonate existing vendors and email threads accessed
via compromised inboxes.

This tactic has been used several times, but its potential
consequences most recently came to light through a leaked National
Security Agency intelligence report documenting the extent to
which Russia interfered in
the 2016 US election in an effort to tip the scales in Donald
Trump's favor. According to the document, Russian military
intelligence carried out a cyberattack on at least one US voting
software supplier and sent spear-phishing emails to over 100
local election officials days before the November election.

In the case of the nuclear power plant breach, Martin said once
hackers had accessed the business network, "it is much, much
more vulnerable" despite having a firewall and being segmented
off from the operational side.